Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/odfy4vPi4Pi-JTqV8dfURD0fEuM.roa
File:                     odfy4vPi4Pi-JTqV8dfURD0fEuM.roa (raw, json)
Hash identifier:          wHmXEUBaQSHX9Yff4A0HPLaMB7FCiS1ia57jRm9XO8I=
Subject key identifier:   A1:D7:F2:E2:F3:E2:E0:F8:BE:25:3A:95:F1:D7:D4:44:3D:1F:12:E3
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018986BE02A206CAFC69D1AA87A7A5338905
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/odfy4vPi4Pi-JTqV8dfURD0fEuM.roa
Signing time:             Mon 24 Jul 2023 07:12:26 +0000
ROA not before:           Mon 24 Jul 2023 07:12:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:86:be:02:a2:06:ca:fc:69:d1:aa:87:a7:a5:33:89:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 24 07:12:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a1d7f2e2f3e2e0f8be253a95f1d7d4443d1f12e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:6c:33:37:82:5f:cb:c9:3e:28:4d:a0:12:d6:
                    eb:f3:b2:15:57:26:58:49:3f:07:13:8b:77:8b:fe:
                    a1:12:f1:de:6c:8a:ae:7c:34:9d:aa:a8:36:9b:f6:
                    64:ba:c0:41:27:70:f0:53:9b:c9:a3:93:22:6f:63:
                    0f:d3:ca:fe:da:85:bf:ec:c3:1c:c1:7f:03:5c:d2:
                    45:9d:4e:7a:af:ac:58:b7:18:ec:fb:25:4b:86:47:
                    36:6d:b0:62:8f:f9:a7:f3:9a:92:ba:fd:09:af:e2:
                    a2:89:50:5c:3a:3e:be:3d:b0:05:32:e2:71:f4:34:
                    78:2e:bf:e6:99:98:7c:48:b0:6b:e2:a0:15:15:44:
                    49:0f:73:87:6c:70:2c:42:73:d8:41:81:ab:f6:23:
                    10:0b:47:b9:9d:c6:dc:40:2b:1d:9b:10:81:19:ea:
                    21:c2:a7:12:fe:b7:7a:d1:4f:f1:1c:8f:47:2c:62:
                    a6:aa:e2:e3:f7:60:e9:39:b7:68:1b:26:ef:70:8a:
                    84:5d:5c:c9:6c:58:60:2c:c7:e3:f7:76:ff:61:60:
                    47:e5:e8:73:d9:fe:8b:31:b5:4f:86:be:5c:a7:1d:
                    52:28:c1:1c:14:ad:32:45:c4:83:1b:fb:d4:e7:25:
                    87:19:63:75:e2:39:ab:b6:fd:37:b6:50:2d:c3:71:
                    ea:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:D7:F2:E2:F3:E2:E0:F8:BE:25:3A:95:F1:D7:D4:44:3D:1F:12:E3
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/odfy4vPi4Pi-JTqV8dfURD0fEuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         71:a6:0a:81:41:f5:97:95:b8:ea:67:fe:ac:04:95:e7:f3:cd:
         bb:61:e0:82:81:35:6e:a0:95:2c:10:a3:95:2b:fb:54:92:a7:
         b5:7b:ea:8f:62:1f:f2:ba:48:4a:7a:d7:7a:74:cc:55:2f:86:
         68:ee:68:7c:66:70:54:f9:e0:70:06:39:38:bd:80:f0:4a:3d:
         cf:44:94:25:4f:4c:e8:f9:f3:eb:0a:f7:18:1f:57:93:2c:80:
         5a:67:fc:c1:08:e3:30:0a:2c:70:f3:78:18:8b:01:b6:b0:58:
         0c:91:81:96:ab:db:ce:8c:32:d6:65:f4:06:31:e7:25:72:da:
         1b:ad:0a:69:24:e2:32:23:a0:b2:e6:63:d3:3c:f1:8d:ea:fe:
         a3:47:0c:e3:8f:84:4e:33:e8:e6:85:eb:44:1b:de:73:5a:bb:
         40:67:51:7e:66:33:e5:d7:d7:83:20:f9:00:92:83:43:e9:f7:
         af:13:68:48:5c:c6:98:9b:f9:db:48:18:16:6f:97:4b:0f:f5:
         23:6c:b4:47:f5:61:84:2c:64:52:8a:e9:6b:09:61:04:26:0b:
         00:f6:b2:73:6a:a9:1a:64:de:a2:44:8b:64:af:7f:15:a5:7f:
         b0:39:1a:7f:64:86:71:d2:68:e6:ab:2a:66:af:6a:54:f5:61:
         bc:76:00:ff
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYmGvgKiBsr8adGqh6elM4kFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzI0MDcxMjI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWQ3ZjJlMmYzZTJlMGY4YmUyNTNhOTVmMWQ3ZDQ0NDNkMWYxMmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2wzN4Jfy8k+KE2gEtbr87IVVyZY
ST8HE4t3i/6hEvHebIqufDSdqqg2m/ZkusBBJ3DwU5vJo5Mib2MP08r+2oW/7MMc
wX8DXNJFnU56r6xYtxjs+yVLhkc2bbBij/mn85qSuv0Jr+KiiVBcOj6+PbAFMuJx
9DR4Lr/mmZh8SLBr4qAVFURJD3OHbHAsQnPYQYGr9iMQC0e5ncbcQCsdmxCBGeoh
wqcS/rd60U/xHI9HLGKmquLj92DpObdoGybvcIqEXVzJbFhgLMfj93b/YWBH5ehz
2f6LMbVPhr5cpx1SKMEcFK0yRcSDG/vU5yWHGWN14jmrtv03tlAtw3HqZQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKHX8uLz4uD4viU6lfHX1EQ9HxLjMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvb2RmeTR2UGk0UGktSlRxVjhkZlVSRDBmRXVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHGmCoFB9ZeVuOpn/qwE
lefzzbth4IKBNW6glSwQo5Ur+1SSp7V76o9iH/K6SEp613p0zFUvhmjuaHxmcFT5
4HAGOTi9gPBKPc9ElCVPTOj58+sK9xgfV5MsgFpn/MEI4zAKLHDzeBiLAbawWAyR
gZar286MMtZl9AYx5yVy2hutCmkk4jIjoLLmY9M88Y3q/qNHDOOPhE4z6OaF60Qb
3nNau0BnUX5mM+XX14Mg+QCSg0Pp968TaEhcxpib+dtIGBZvl0sP9SNstEf1YYQs
ZFKK6WsJYQQmCwD2snNqqRpk3qJEi2SvfxWlf7A5Gn9khnHSaOarKmavalT1Ybx2
AP8=
-----END CERTIFICATE-----